[JBossWS] - Need help: Errors during SSL connection
by d.behrwind
Hi,
I'm using Seam 2.0.2.SP1 on JBossAS 4.2.2.GA and want to publish some web services. Communication shall be encrypted using SSL. So I'm trying to follow the instructions at http://jbws.dyndns.org/mediawiki/index.php?title=Secure_transport.
After finally getting the server running with SSL, my client is now unable to connect.
If I configure the SSL connector in the server.xml as suggested in the article:
<Connector port="8443" address="${jboss.bind.address}"
    maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" clientAuth="want"
    keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore"
    keystorePass="symtaweb"
    truststoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore"
    truststorePass="symtaweb"
    sslProtocol = "TLS" />
the result is:
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119)
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:128)
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
    at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581)
    at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540)
    at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525)
    at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422)
    at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235)
    at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
    at $Proxy29.login(Unknown Source)
    at com.symtavision.test.jbossws.Test.main(Test.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
    at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:107)
    ... 13 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
    ... 21 more
And when using the default configuration:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\.keystore"
    keystorePass="symtaweb" />
I get this:
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized
    at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197)
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137)
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
    at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581)
    at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540)
    at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525)
    at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422)
    at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235)
    at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
    at $Proxy29.login(Unknown Source)
    at com.symtavision.test.jbossws.Test.main(Test.java:32)
I'm setting the required system properties programmatically instead of using XML configuration:
public static void main(String[] args) {

    System.setProperty("javax.net.ssl.keyStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore");
    System.setProperty("javax.net.ssl.trustStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword", "symtaweb");
    System.setProperty("javax.net.ssl.trustStorePassword", "symtaweb");
    System.setProperty("javax.net.ssl.keyStoreType", "jks");
    System.setProperty("javax.net.ssl.trustStoreType", "jks");

    // obtain proxy
    LoginService loginService = new LoginServiceService()
            .getLoginServicePort();

    // maintain Session
    ((BindingProvider) loginService).getRequestContext().put(
            BindingProvider.SESSION_MAINTAIN_PROPERTY, true);

    // *** regular method calls *** //

    System.out.println("logging in... \n \t success: "
            + loginService.login("daniel", ""));

    System.out.println("still logged in?\n\t" + loginService.isLoggedin());

    System.out.println("logging out... \n \t success: "
            + loginService.logout());

    System.out.println("still logged in?\n\t" + loginService.isLoggedin());

}
And I was not able to set the @SecurityDomain("JBossWS") annotation in the server class. (I don't know which jar to import ...)
Thanks for any help!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161151#4161151
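Added example, not part of the original post or of JBoss: a small Python check that compares the two `<Connector>` elements quoted in the post above with the client's `javax.net.ssl.trustStore` setting. `audit_connector` and its finding codes are hypothetical names, and the `SSLEnabled` rule assumes Tomcat 6 connector semantics (the basis of JBoss Web in AS 4.2), where the attribute defaults to false.

```python
import xml.etree.ElementTree as ET

# Connector elements from the post, trimmed to the TLS-relevant attributes
# (passwords and thread settings left out, "|" quoting prefix removed).
KS = r"C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores"
ARTICLE = rf'''<Connector port="8443" scheme="https" secure="true"
    clientAuth="want" sslProtocol="TLS"
    keystoreFile="{KS}\wsse.keystore" truststoreFile="{KS}\wsse.keystore"/>'''
DEFAULT = rf'''<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
    keystoreFile="{KS}\.keystore"/>'''
# Trust store the client in the post selects through javax.net.ssl.trustStore.
CLIENT_TRUST = "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore"


def norm(path):
    """Normalise a Windows path so slash direction and case do not matter."""
    return path.replace("\\", "/").lower()


def audit_connector(xml_text, client_trust):
    """Return (code, detail) findings for one <Connector> element."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    wants_https = attrs.get("scheme") == "https" or attrs.get("secure") == "true"
    # Assumption: Tomcat 6 semantics, where SSLEnabled defaults to false.
    if wants_https and attrs.get("SSLEnabled", "false").lower() != "true":
        findings.append(("no-tls", "scheme/secure only label requests as HTTPS; "
                         "without SSLEnabled=true the port does no TLS handshake"))
    keystore, truststore = attrs.get("keystoreFile"), attrs.get("truststoreFile")
    if keystore and truststore and norm(keystore) == norm(truststore):
        findings.append(("shared-store", "the server private key store doubles "
                         "as the trust anchor set for client certificates"))
    if keystore and norm(client_trust) == norm(keystore):
        findings.append(("client-has-server-keystore", "the client loads the file "
                         "with the server private key; export only the certificate"))
    elif keystore:
        findings.append(("verify-trust", "client trust store is a different file; "
                         "confirm it contains the server certificate"))
    return findings


if __name__ == "__main__":
    for name, xml_text in (("article", ARTICLE), ("default", DEFAULT)):
        for code, detail in audit_connector(xml_text, CLIENT_TRUST):
            print(f"{name}: {code}: {detail}")
```

For a `verify-trust` finding, `keytool -list -keystore <file>` on both stores shows whether the server certificate is actually present in the client's trust store.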
[JBossWS] - WS-Security trouble: {http://www.w3.org/2005/08/addressing}A
by timeagentess
Hello all,
I am trying to use WS-Security and have a client and web service exchange signed messages.
However, I have run into some trouble -- can't get rid of this error (seen on both server and client consoles):
anonymous wrote : ERROR [SOAPFaultHelperJAXWS] SOAP request exception
javax.xml.ws.addressing.AddressingException: Required element {http://www.w3.org/2005/08/addressing}Action is missing

    at org.jboss.ws.extensions.addressing.soap.SOAPAddressingPropertiesImpl.getRequiredHeaderContent(SOAPAddressingPropertiesImpl.java:71)
    at org.jboss.ws.extensions.addressing.soap.SOAPAddressingPropertiesImpl.readHeaders(SOAPAddressingPropertiesImpl.java:141)
    at org.jboss.ws.extensions.addressing.jaxws.WSAddressingServerHandler.handleInbound(WSAddressingServerHandler.java:82)
    [...]

My configuration is JBoss 4.0.5 & JBossWS 2.0.0, and the files as described below.
I. Web service, deployed as SLSB in ear archive:
|-ejb.jar (contains Endpoint implementation WSTwoServiceBean.java)
|-META-INF
|---server.keystore
|---server.truststore
|---application.xml
|---jboss-wsse-server.xml
|---standard-jaxws-endpoint-config.xml
Service endpoint implementation: WSTwoServiceBean.java
// EJB3 annotations
@javax.ejb.Stateless
@org.jboss.annotation.ejb.RemoteBinding(jndiBinding = "WebServices/WSTwoServiceBeanInterface")
@javax.ejb.Remote({com.atb.webservices.wstwo.WSTwoServiceBeanInterface.class})

// WS annotations
@javax.jws.WebService(endpointInterface = "com.atb.webservices.wstwo.WSTwoRemoteInterface", targetNamespace = "http://localhost:8080/atb")
@org.jboss.wsf.spi.annotation.WebContext(contextRoot = "/webservices-ws", urlPattern="/services/WSTwo/*")
@javax.jws.soap.SOAPBinding(style = javax.jws.soap.SOAPBinding.Style.DOCUMENT, use = javax.jws.soap.SOAPBinding.Use.LITERAL, parameterStyle = javax.jws.soap.SOAPBinding.ParameterStyle.WRAPPED)
@HandlerChain(file="resource://META-INF/standard-jaxws-endpoint-config.xml")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SecurityDomain("JBossWS")
public class WSTwoServiceBean implements WSTwoServiceBeanInterface {
    @WebMethod
    public String hello(String s){
        return "Hello, " + s + "!";
    }
}

jboss-wsse-server.xml:
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>META-INF/server.keystore</key-store-file>
  <key-store-password>server</key-store-password>
  <trust-store-file>META-INF/server.truststore</trust-store-file>
  <trust-store-password>server</trust-store-password>
  <config>
    <sign type="jks" alias="server"/>
    <requires>
      <signature/>
    </requires>
  </config>
</jboss-ws-security>
standard-jaxws-endpoint-config.xml:
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

  <endpoint-config>
    <config-name>Standard WSSecurity Endpoint</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </endpoint-config>

</jaxws-config>

II. Client, standalone application:
|-TestWS.java
|-META-INF
|---jboss-wsse-client.xml
|---standard-jaxws-client-config.xml
|---client.keystore
|---client.truststore
(Even though, being a standalone client, I suspect placing the files in a folder other than META-INF wouldn't make any difference)
TestWS.java:
WSTwoServiceBeanService wstwoService = new WSTwoServiceBeanService();
WSTwo wstwo = wstwoService.getPort(WSTwo.class);

URL securityURL = null;
URL securityConfig = null;
try {
    securityURL = new File("META-INF/jboss-wsse-client.xml").toURL();
    securityConfig = new File("META-INF/standard-jaxws-client-config.xml").toURL();
} catch (MalformedURLException e) {
    System.out.println(e);
}
((StubExt)wstwo).setSecurityConfig(securityURL.toExternalForm());
((StubExt)wstwo).setConfigName("Standard WSSecurity Client", securityConfig.toExternalForm());

String response = wstwo.hello("world");
System.out.println("Web service answered with: " + response);

jboss-wsse-client.xml:
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>d:/workspace/wsclient/META-INF/client.keystore</key-store-file>
  <key-store-password>client</key-store-password>
  <key-store-type>jks</key-store-type>
  <trust-store-file>d:/workspace/wsclient/META-INF/client.truststore</trust-store-file>
  <trust-store-password>client</trust-store-password>
  <trust-store-type>jks</trust-store-type>
  <config>
    <sign type="jks" alias="client"/>
    <requires>
      <signature/>
    </requires>
  </config>
</jboss-ws-security>
standard-jaxws-client-config.xml:
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

  <client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </client-config>

</jaxws-config>

Thank you!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4160786#4160786